Lucene search

[email protected]CVE-2005-0316

HistoryJan 28, 2005 - 5:00 a.m.

CVE-2005-0316

2005-01-2805:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-0316

webwasher classic

server mode

connect requests

access restrictions

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.9%

JSON

WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.

CPENameOperatorVersion
webwasher:webwasher_classicwebwasher webwasher classiceq2.2.1
webwasher:webwasher_classicwebwasher webwasher classiceq3.3

CPE	Name	Operator	Version
webwasher:webwasher_classic	webwasher webwasher classic	eq	2.2.1
webwasher:webwasher_classic	webwasher webwasher classic	eq	3.3

References

marc.info/?l=bugtraq&m=110693045507245&w=2

secunia.com/advisories/14058

securitytracker.com/id?1013036

www.oliverkarow.de/research/WebWasherCONNECT.txt

www.securityfocus.com/bid/12394

exchange.xforce.ibmcloud.com/vulnerabilities/19144

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

92.9%

JSON

Related for CVE-2005-0316

nessus1